2 Answers
2

As far as I know I never seen "Full control" premission level has been assigned to anyone other then System Account, however I think it will be better if you give user "Contribute" permissions as it will let them do most of things they need to do or you can create your own custom permission level.

We normally use SPRoleType to enumerate default permission levels and then add them to user of choice as shown below,

i dont know if timetothine has solved your issue or not as it should! but if it hasnt then you can do this! it will 100% work for you using impersonation! I used it for annonymous user who has no rights to anything appart for the public site. I need to write to a list that they dont have access to and so I came up with this:

a good example is an anonymous user who you want to edit (add to) a sharepoint list that they dont have access to programmaticaly.

runwithelevatedprivlages will not work as anonymous users wouldnt have anything to elevate, this is where you need to impersonate an account that does have access. runwithelevatedprivlages works well with logged in users who dont have the right permissions.

as an example I will show you impersonation first:

to impersonate you need to get the system token first and make sharepoint think that your that person, anything within the spsite that your going to impersonate will be under that user and not the current user your using, the method below is getting the system account token with elevated privlages (for anonymous users):

SPUserToken sysToken = null;
using (SPSite spSite = new SPSite(SPContext.Current.Site.ID))
{
//get the system token from the method GetSystemToken and passing the spSite that you want to run under
sysToken = GetSystemToken(spSite);
using (SPSite impersonatedSite = new SPSite(siteUrl, sysToken))
{
//we are impersonating the [@"SHAREPOINT\SYSTEM"] account
using (SPWeb web = impersonatedSite.OpenWeb())
{
//do your code here as the impersonated account like updating a list
}
}
}

this will work where RunWithElevatedPrivileges does not work :) as you can see there is suttle differences between the two, impersonation is not using the application pool account but rather any account that you want to impersonate. RunWithElevatedPrivileges only uses the application pool account and has some limitation to what access it has